BPOS Password Expiration script

MessageOps has released a nice script which you can use to notify your BPOS users when their Online Passwords are about to expire.

Below is a copy of the script.
Original source here

#Microsoft Online Password Expiration Notification Script
#
#Written By: Chad Mosman, MessageOps, www.messageops.com
#
#This script notifies users via email when their Microsoft Online Password is about
#to expire. It is designed to be scheduled to run on a daily basis. Due to the way
#it searches for users, it requires directory synchronization to be enabled for the domain
#it is run against.
#
#The following variables should be modified before running the script
#
#$AdvancedWarning – Controls how many days before expiration the users will be notified
#that their password is about to expire. Default is 15 days.
#
#$mailFrom – Enter the email address that the notification will appear to come from.
#
#$SMTPServer – If inbound mailflow is enabled for your Microsoft Online domain, the default of
#mail.global.frontbridge.com should work. Otherwise, specify the name of your on-premise
#mail system.
#
#$powerUser – Username of an account with Service Admin Rights in Microsoft Online.
#
#$powerPass – Password of the account with Service Admin Rights in Microsoft Online.
#
#$subject, $body – The notification message subject and body can be customized to your needs.
#
#When testing it is recommended the script be run against a single user. To do that, change:
#
#$collitems = Get-XsActiveDirectoryUser -Identity *
#To
#$collitems = Get-XsActiveDirectoryUser -Identity EmailAddressOfTestUser
#
#For assistance with the script, to report problems, or to provide comments contact support@messageops.com
#
#Number of days in advance the user should be warned that their password is about to expire
$AdvancedWarning = 15
#Email address that the notification email will appear to be from
$mailFrom = "user@yourdomain.com"
#If inbound mailflow is not enabled on your domain in Microsoft Online, change this value
#to your on-premise mail server which should forward to Microsoft Online
$smtpServer = "mail.global.frontbridge.com"
#Microsoft Online Service Account Username and Password
#NOTE: the password is stored in clear text in this file; anyone who can read the script
#can use the Service Admin account, so restrict read access to the file accordingly
$powerUser = "user@domain.microsoftonline.com"
$powerPass = "Password"
$password = ConvertTo-SecureString $powerPass -AsPlainText -Force
$adminCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $powerUser, $password
#Get all objects in your local Active Directory that are synchronized to Microsoft Online
$collitems = Get-XsActiveDirectoryUser -Identity * -ResultSize 100000 -Quiet | Search-XsMicrosoftOnlineDirectory -Credential $adminCredential
foreach ($objitem in $collitems) {
    #Determine if the user has been activated or not
    if ($null -ne $objitem.HardMatchName) {
        $mailbox = Get-XsHostedExchangeMailbox -SourceIdentity $objitem.HardMatchName -SourceServer domain.com | Search-XsMicrosoftOnlineDirectory -Credential $adminCredential
        #check to see if the account is activated
        if ($mailbox.TargetSendQuota -gt 0) {
            #format the email address
            $emailAddress = $mailbox.HardMatchName -replace "SMTP:", ""
            #get the password expiration date for the current user
            $user = Get-MSOnlineUser -Identity $emailAddress -Credential $adminCredential
            #skip accounts whose password never expires (no expiration date to subtract from)
            if ($null -eq $user.PasswordExpirationDate) { continue }
            #calculate the date difference between today and the password expiration date
            $dateDifference = ($user.PasswordExpirationDate - [DateTime]::Now).Days
            #is the password going to expire within the number of days configured in $AdvancedWarning?
            if ($dateDifference -le $AdvancedWarning) {
                #zero or negative means the password has already expired
                if ($dateDifference -le 0) {
                    $subject = "IMMEDIATE ACTION REQUIRED: Your Microsoft Online Password Has Expired"
                    $body = "Your Microsoft Online password has expired. "
                }
                elseif ($dateDifference -eq 1) {
                    $subject = "IMMEDIATE ACTION REQUIRED: Your Microsoft Online Password will expire in 1 day"
                    $body = "Your Microsoft Online password will expire in 1 day. "
                }
                else {
                    #use string interpolation: a comma-separated list would build an array, not a string
                    $subject = "ACTION REQUIRED: Your Microsoft Online Password will expire in $dateDifference days"
                    $body = "Your Microsoft Online password will expire in $dateDifference days. "
                }
                $body = $body + "Please use the Microsoft Online Sign in Client to change your password. If you do not use the Sign In Client, browse to https://home.microsoftonline.com to reset your password."
                #send notification to user
                $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
                $smtp.Send($mailFrom, $emailAddress, $subject, $body)
            }
        }
    }
}
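Added example, not part of the MessageOps script: two changes worth making before scheduling the script above. The Service Admin password is kept out of the script file (Export-Clixml protects the credential with DPAPI for the Windows account that saved it), and the notification text comes from a function that also handles passwords that have already expired or never expire. The function names, the file name bpos-notify.cred.xml and the sample users are assumptions of this example; none of the BPOS cmdlets are needed to run it.

```powershell
# Added example (not the MessageOps script). Assumed names: Save-NotificationCredential,
# Get-NotificationCredential, New-ExpiryNotice, and the file bpos-notify.cred.xml.

$credFile = Join-Path $env:USERPROFILE 'bpos-notify.cred.xml'

function Save-NotificationCredential {
    # Run once, interactively, as the account that will run the scheduled task.
    # Export-Clixml encrypts the SecureString with DPAPI: only that Windows user on
    # that machine can read it back, so a copied file is useless elsewhere.
    param([string] $Path = $credFile)
    Write-Host 'Enter the Microsoft Online Service Admin account'
    Get-Credential | Export-Clixml -Path $Path
}

function Get-NotificationCredential {
    # Returns a PSCredential that can be passed as -Credential to the BPOS cmdlets.
    param([string] $Path = $credFile)
    if (-not (Test-Path $Path)) {
        throw "No stored credential at $Path; run Save-NotificationCredential first."
    }
    Import-Clixml -Path $Path
}

function New-ExpiryNotice {
    # Returns $null when no mail should be sent, otherwise an object with Subject/Body/DaysLeft.
    param(
        $ExpirationDate,                     # DateTime, or $null for "never expires"
        [int] $AdvancedWarning = 15,
        [DateTime] $Now = [DateTime]::Now
    )
    if ($null -eq $ExpirationDate) { return $null }   # nothing to warn about
    $days = ($ExpirationDate - $Now).Days
    if ($days -gt $AdvancedWarning) { return $null }

    if ($days -le 0) {
        # zero or negative: already expired, not "expires in -3 days"
        $subject = 'IMMEDIATE ACTION REQUIRED: Your Microsoft Online Password Has Expired'
        $body    = 'Your Microsoft Online password has expired. '
    } elseif ($days -eq 1) {
        $subject = 'IMMEDIATE ACTION REQUIRED: Your Microsoft Online Password will expire in 1 day'
        $body    = 'Your Microsoft Online password will expire in 1 day. '
    } else {
        # interpolate into one string; a comma list would produce an array
        $subject = "ACTION REQUIRED: Your Microsoft Online Password will expire in $days days"
        $body    = "Your Microsoft Online password will expire in $days days. "
    }
    $body += 'Please use the Microsoft Online Sign in Client to change your password. ' +
             'If you do not use the Sign In Client, browse to https://home.microsoftonline.com to reset your password.'
    New-Object PSObject -Property @{ Subject = $subject; Body = $body; DaysLeft = $days }
}

# Constructed sample users covering the three cases (not real accounts)
$sample = @(
    @{ Mail = 'alice@contoso.example'; Expires = [DateTime]::Now.AddDays(3) },
    @{ Mail = 'bob@contoso.example';   Expires = [DateTime]::Now.AddDays(-2) },   # already expired
    @{ Mail = 'carol@contoso.example'; Expires = $null }                          # never expires
)
foreach ($u in $sample) {
    $notice = New-ExpiryNotice -ExpirationDate $u.Expires -AdvancedWarning 15
    if ($notice) {
        Write-Host ("{0}: {1}" -f $u.Mail, $notice.Subject)
        # In the real script this is where $smtp.Send($mailFrom, $u.Mail, $notice.Subject, $notice.Body) goes
    }
}
```

In the scheduled version, replace the `$powerUser`/`$powerPass` lines with `$adminCredential = Get-NotificationCredential` and feed `$user.PasswordExpirationDate` into New-ExpiryNotice; carol produces no mail at all, and bob gets the "has expired" text instead of a negative day count.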

Microsoft Online Sign-In Client ADM GPO

* update: the adm file mentioned in this post isn’t available anymore, see comment (at least I did not find it; if you did, please post a comment)

If you want to manage the settings of the Microsoft Online Sign-In Client (used with BPOS) through Group Policy, you can download an Active Directory Group Policy Object template here.

As stated on the Microsoft Online Services Team Blog:
This file is provided as-is and is not supported. It has been tested and works properly, however it has not gone through official Engineering sign-off. Once signed off it will be published to the Microsoft Downloads site, so stay tuned for an official version.

Settings you can manage:

  • Enable Sign In to remember the username of the last signed in user
    This policy should be Enabled when your user’s Online Account Name should be displayed each time the Sign-In Client is launched.
  • Enable Sign In to remember the password of the last signed in user
    This policy should be Enabled if your Online user’s password should be remembered and populated each time the Sign-In Client is launched.
  • Enable Sign In to automatically sign in the user
    This policy should be Enabled if you want the Sign-In Client to automatically sign-in once Windows is started.
  • Enable Sign In to automatically start when the user starts Windows
    This policy should be Enabled if you want the Sign-In Client to automatically launch after Windows starts.
  • Enable Sign In to automatically minimize when the user signs in to Sign In
    This policy should be Enabled if you want the Sign-In Client to automatically minimize to the Windows SysTray.
  • Enable Sign In to show alerts when a new update is available for Sign In
    This policy should be Enabled. It provides visible popup notifications when a Sign-In Client Application update is available.
  • Enable Sign In to show alerts when a new configuration is available
    This policy should be Enabled. It provides visible popup notifications when a Sign-In Client Application Configuration update is available.

SMTP enabled for BPOS Worldwide

According to the BPOSitive blog, SMTP is now enabled for BPOS.
If you have clients that need to send email through your Exchange Online environment, you can now do so (all info below thanks to BPOSitive).

To connect to the Microsoft Online Services SMTP server, open your SMTP client application and provide the information below.

The fully qualified domain name (FQDN) of the Microsoft Online Services SMTP server. The FQDN differs slightly depending on which Microsoft Online Services datacenter your company is connected to. The server FQDNs are:

  • North America Datacenter: Smtp.mail.microsoftonline.com
  • Europe Datacenter: Smtp.mail.emea.microsoftonline.com
  • Asia Pacific Datacenter: Smtp.mail.apac.microsoftonline.com

The user name and password of a Microsoft Online Services user account with an Exchange Online license. On most client applications, this is under “My outgoing mail server (SMTP) requires authentication” – this should be configured “Yes”, and the corresponding Microsoft Online username and password supplied.

The SMTP port to use: 587
On most client applications, this is under “Server Port Numbers for Outgoing Server (SMTP)” – this should be configured to use port 587

Make sure that Transport Layer Security (TLS) is enabled in your SMTP client.
On most client applications, this is under “My outgoing mail server (SMTP) requires an encrypted connection (SSL)” – this should be configured “Yes”
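Added example, not from the BPOSitive post: a script that applies the three settings above (datacenter FQDN, authenticated user, port 587 with TLS) from PowerShell, the way an application or admin box would relay through Exchange Online. Before any password is sent it checks that the server actually advertises STARTTLS on the submission port, which is what the "requires an encrypted connection" checkbox depends on. The host, addresses and function names are assumptions; pick the FQDN that matches your datacenter.

```powershell
# Added example (not from the BPOSitive post). Assumed values: $smtpHost, $from, $to;
# assumed function names: Test-SmtpStartTls, Send-ViaMicrosoftOnline.

$smtpHost = 'smtp.mail.microsoftonline.com'   # Europe: smtp.mail.emea..., Asia Pacific: smtp.mail.apac...
$smtpPort = 587
$from     = 'licensed.user@yourdomain.com'     # a user with an Exchange Online license
$to       = 'recipient@example.com'

function Test-SmtpStartTls {
    # Opens a plain session, sends EHLO and returns $true only if STARTTLS is offered.
    # No credentials are sent here; this is a read-only capability check.
    param([string] $Server, [int] $Port = 587)
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 10000
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true
        $null = $reader.ReadLine()                     # 220 greeting
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $caps = @()
        do { $line = $reader.ReadLine(); $caps += $line } while ($line -match '^250-')
        $writer.WriteLine('QUIT')
        return [bool]($caps -match '^250[- ]STARTTLS')
    } finally {
        $client.Close()
    }
}

function Send-ViaMicrosoftOnline {
    # Authenticated submission over STARTTLS. EnableSsl makes SmtpClient negotiate TLS
    # after EHLO and refuse to continue in the clear if the server will not upgrade.
    param(
        [System.Management.Automation.PSCredential] $Credential,
        [string] $Subject,
        [string] $Body
    )
    $smtp = New-Object System.Net.Mail.SmtpClient($smtpHost, $smtpPort)
    $smtp.EnableSsl   = $true
    $smtp.Credentials = $Credential.GetNetworkCredential()
    $smtp.Send($from, $to, $Subject, $Body)
}

if (Test-SmtpStartTls -Server $smtpHost -Port $smtpPort) {
    $cred = Get-Credential   # the Exchange Online user's username and password
    Send-ViaMicrosoftOnline -Credential $cred -Subject 'SMTP relay test' -Body 'Sent through Microsoft Online SMTP with TLS.'
} else {
    Write-Warning "$smtpHost does not advertise STARTTLS on port $smtpPort; not sending."
}
```

The built-in `Send-MailMessage -SmtpServer $smtpHost -Port 587 -UseSsl -Credential $cred` does the same submission in one line; the hand-written check is the part worth keeping, because a client that silently falls back to an unencrypted session would otherwise send the mailbox password in clear text.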

BPOS sign in client Group Policy Object

A Group Policy Object for managing the users’ Sign-In Client Application (used in Microsoft Online)

http://blogs.technet.com/msonline/archive/2009/02/09/microsoft-online-sign-in-client-adm-group-policy-object.aspx

/* 26.05.2010: I was just notified in the comments that the link isn’t working anymore, thx Darren */

Some things it can manage:

  • Enables Sign In to remember the username of the last signed in user. This policy should be Enabled when your user’s Online Account Name should be displayed each time the Sign-In Client is launched.
  • Enables Sign In to remember the password of the last signed in user. This policy should be Enabled if your Online user’s password should be remembered and populated each time the Sign-In Client is launched.
  • Enables Sign In to automatically sign in the user. This policy should be Enabled if you want the Sign-In Client to automatically sign-in once Windows is started.
  • Enables Sign In to automatically start when the user starts Windows. This policy should be Enabled if you want the Sign-In Client to automatically launch after Windows starts.
  • Enables Sign In to automatically minimize when the user signs in to Sign In. This policy should be Enabled if you want the Sign-In Client to automatically minimize to the Windows SysTray.
  • Enables Sign In to show alerts when a new update is available for Sign In. This policy should be Enabled. It provides visible popup notifications when a Sign-In Client Application update is available.
  • Enables Sign In to show alerts when a new configuration is available. This policy should be Enabled. It provides visible popup notifications when a Sign-In Client Application Configuration update is available.

Microsoft Online Services: service update August ‘09

The Microsoft Online Services Service Update for August 2009 begins deployment into production data centers this week and is scheduled to be available to all customers by the end of August; updates to the release deployment status will be posted to the comment section of this blog post.

No scheduled downtime is planned for the Microsoft Online Administration Center or the availability of the services in the Business Productivity Online Suite.

The following features are included in this Service Update:

New Language Support for Microsoft Online Administration Center (MOAC)

The Microsoft Online Administration Center is adding support for eight new languages: Traditional Chinese, Simplified Chinese, Italian, Danish, Dutch, Finnish, Norwegian, and Swedish.

SMTP Relay Support

Exchange Online now supports SMTP relay, allowing SMTP-enabled applications to send e-mail via Exchange Online.

Exchange Online Journaling

Exchange Online journaling is enabled, allowing email to be journaled to third-party archiving solutions, including Exchange Hosted Archive. Journaling can be enabled by contacting Microsoft Online Services support and opening a Service Request.

While Exchange Online journaling allows email to be journaled to third-party archiving solutions, Microsoft Online Services does not support or certify these third-party solutions. It is the customer’s responsibility to configure their archiving solution to work with Exchange Online journaling.

original source: here

New Partner Features and Partner Momentum Announced at WPC09

This morning at the Microsoft Worldwide Partner Conference in New Orleans, Microsoft Online Services announced several new features that enable partners to assist and manage their customers who trial and buy the Business Productivity Online Suite.

Two key features are available today as part of the newly announced Microsoft Partner Network:

· Partner Order on Behalf. Partners can now place Microsoft Online Services orders on behalf of their customers. The feature allows partners to initiate trials, specify the services and quantities they recommend for their customers, pre-configure orders for their customers to complete, and ensure they are the Partner of Record for their customers’ trials and orders placed in the system.

· Partner Commerce Dashboard. The new Partner Commerce Dashboard provides a consolidated view of Microsoft Online Services orders and commerce, such as the status of trials and subscriptions, for customers that have the partner specified as their Partner of Record. Partners can work within the Commerce Dashboard or export the information to Excel to be imported into a CRM system.

Microsoft Online Services also announced Q4 availability of Delegated Administration for partners. Customers will be able to delegate administrative privileges to partners for some tasks in the Microsoft Online Services Administration Center.

Also announced for Q4 rollout is a new partner Distributor Model and integration of partner information on customer invoices. More information about the new partner program and features will be available through Quickstart for Microsoft Online Services.

Announcement of these features highlights the importance of partners to Microsoft Online Services. Since the Microsoft Online Services Partner Program was announced at WPC08, more than 5,000 partners have enrolled in the program. Additionally, 4 of 5 orders for the Business Productivity Online Suite have come through Partners, and Partners have built more than 100 custom solutions exclusively for Microsoft Online Services. Examples of these solutions are available via the Solutions Showcase.

More information from WPC09 can be found on the Microsoft Press Pass site.

Original Source: here

Two new BPOS Tools

Two new tools for BPOS (or, to be precise, one new and one updated tool).

  1. The Microsoft Online Services Diagnostics and Logging (MOSDAL) support toolkit
     The MOSDAL support toolkit performs network diagnostics and collects system configuration, network configuration, and logging information for service-based products. The logs that the tool generates provide data that helps technical support professionals troubleshoot configuration, network, installation, and other service-related issues. MOSDAL collects log files, registry keys, and configuration settings that would otherwise require time-consuming and labor-intensive collection using separate tools.

  2. Microsoft Online Services Migration Tools (32|64 bit)
     Use the Microsoft Online Services Migration Tools to forward copies of your Exchange Server mail to your Exchange Online mailboxes. You can also use the Migration Tools to copy content from your Exchange Server, POP3, or IMAP4 e-mail server mailboxes to your Exchange Online mailboxes. This product is intended for use with Microsoft Online Services only.

Both came to my attention through the blog of Peter de Haas, so kudos to him.

BPOS: Monthly Service Update for June 2009

The Microsoft Online Services Monthly Service Update for June 2009 is currently in deployment and will be available to all customers by June 30. No scheduled downtime is planned for this release deployment.

The release delivers two important capabilities:

· Exchange Online attachments are now supported up to 30MB. Previously, Exchange Online attachments were limited to 20MB.

· Support for Microsoft Office Outlook 2003 client for Exchange Online is now provided. Support for Outlook 2003 was previously announced in the Team Blog.

Release notes for the June 2009 Release can be found here.

source: BPOSitive – Business Productivity Online Suite technical news by Brett Hill

Setup BPOS Active Directory synchronization

To synchronize your AD Domain with your BPOS environment, follow the steps below.

  • Log in to your Microsoft Online Services Administration Center, click the [Migration] tab and then click the [Configure] button in the “Directory Synchronization” section.
    BPOS Directory Synchronization
  • Read “Plan for Directory Synchronization” and tick the checkbox confirming that you have read it.
  • Press the [Enable] button in step 2 to enable BPOS for synchronization.
  • Press the [Download] button in step 3. This opens a page where you can download the synchronization tool.
  • Now you should install the synchronization tool, but mind the following restrictions:
    - Supported OS: Windows Server 2003 Service Pack 2; Windows Server 2008
    - Can’t be installed on a domain controller
    - Can’t be installed on x64
    - Powershell v1.0 has to be installed
  • Execute the file you downloaded in the previous step (dirsync.exe).
    - do not interrupt the installer
  • The installation is a Next, Next, Finish installation. You will be staring at a progress bar for quite a long time.
  • After the initial install you can start the Configuration Wizard.
    Before you proceed, be sure you have the following:
    - A user account that is a BPOS Administrator (probably the one you used to log in with in step 1)
    - An Enterprise Administrator account
    If you have these, the configuration is again almost Next, Next, Finish.
  • At the end of the configuration, choose “Synchronize directories now”
    - do not create any user object in your BPOS environment during this sync.
  • Within a few minutes, you can then view your imported users in your BPOS environment, they are all imported under the “Disabled User“ view (Tab [Users] > [User List], under view select “Disabled Users”).
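Added example, not part of the original post: the installer restrictions listed above (supported OS, not a domain controller, not x64, PowerShell present) checked from PowerShell on the machine you intend to use as the sync station, so the Next, Next, Finish run does not fail halfway. Only WMI and environment variables are used, so it works on Server 2003/2008 without extra modules. The function name Test-DirSyncPrerequisites is an assumption of this example.

```powershell
# Added example (not from the original post). Assumed function name: Test-DirSyncPrerequisites.

function Test-DirSyncPrerequisites {
    # Returns one object per restriction with Check, Pass and Detail.
    $os = Get-WmiObject Win32_OperatingSystem
    $cs = Get-WmiObject Win32_ComputerSystem
    $results = @()

    # Supported OS: Windows Server 2003 SP2 (kernel 5.2, SP >= 2) or Windows Server 2008 (6.0)
    $ver  = [Version]$os.Version
    $osOk = ($ver.Major -eq 6 -and $ver.Minor -eq 0) -or
            ($ver.Major -eq 5 -and $ver.Minor -eq 2 -and $os.ServicePackMajorVersion -ge 2)
    $results += New-Object PSObject -Property @{
        Check = 'Supported OS'; Pass = $osOk
        Detail = "$($os.Caption) SP$($os.ServicePackMajorVersion)"
    }

    # Not a domain controller: DomainRole 4 = backup DC, 5 = primary DC
    $results += New-Object PSObject -Property @{
        Check = 'Not a domain controller'; Pass = ($cs.DomainRole -lt 4)
        Detail = "DomainRole=$($cs.DomainRole)"
    }

    # Not x64. A 32-bit PowerShell on 64-bit Windows reports x86 in PROCESSOR_ARCHITECTURE,
    # so PROCESSOR_ARCHITEW6432 (set only under WOW64) is checked as well.
    $is64 = ($env:PROCESSOR_ARCHITECTURE -ne 'x86') -or ($null -ne $env:PROCESSOR_ARCHITEW6432)
    $results += New-Object PSObject -Property @{
        Check = '32-bit Windows'; Pass = (-not $is64)
        Detail = "PROCESSOR_ARCHITECTURE=$env:PROCESSOR_ARCHITECTURE PROCESSOR_ARCHITEW6432=$env:PROCESSOR_ARCHITEW6432"
    }

    # PowerShell 1.0 or later: we are running inside it, so report the host version
    $results += New-Object PSObject -Property @{
        Check = 'PowerShell 1.0 or later'; Pass = $true
        Detail = "v$($Host.Version)"
    }

    $results
}

$report = Test-DirSyncPrerequisites
$report | Format-Table Check, Pass, Detail -AutoSize
if ($report | Where-Object { -not $_.Pass }) {
    Write-Warning 'This machine does not meet all of the dirsync installer restrictions.'
}
```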

From here you can now enable the users. A bit annoying is the fact that the list doesn’t use paging: you can only go 1 step through the list or to the end (or is that because I only had 2 pages?)

So now some things that are interesting to know:

  • The tool creates a service account named MSOL_AD_Sync. This will be a domain account with directory replication permissions on your AD.
  • A service will be installed on your ”sync station”.
  • The time needed for a synchronization depends on how many objects you have.
    500 objects will take about 5 min. to sync the first time, after that about 30 sec.
    1000 objects will take 10 min, after that 1 min.
    5000 objects will take 45 min, after that 5 min.
    15000 objects will take 2.5h, after that 10 min.
    All depending on your bandwidth of course; for more than 20,000 objects contact Microsoft.
  • An uninstall of the tool will not delete the MSOL_AD_Sync account; you have to do this manually.
  • The tool will sync every user in your complete forest, so whenever you must delete a domain in your forest this will impact your BPOS environment. To delete the domain, you must complete some “in-between” steps.
  • Every 3 hours there will be a scheduled sync.

Edit: I later received a few error messages at my admin account’s mail address.
Apparently, a ‘&’ sign in a user name will generate a “049: LDAP injection characters were found in the user alias” error.
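Added example, not part of the original post: a scan of Active Directory user names for characters that the sync tool rejects, so the accounts can be renamed before the next scheduled sync instead of surfacing as error mails three hours later. Only '&' is confirmed by the error above; the rest of the character set (the LDAP filter metacharacters from RFC 4515 plus whitespace and quotes) is an assumption of this example, as are the function names and the constructed sample accounts.

```powershell
# Added example (not from the original post). Assumed: the character set beyond '&',
# the function names Find-SuspectAlias and Get-AdUsersForScan, and the sample data.

# '&' is the character the 049 error reported; the others are assumed from LDAP filter syntax.
$suspect = [regex]'[&*()\\|<>=~"\s]'

function Find-SuspectAlias {
    # Takes objects with SamAccountName and Mail properties; returns the ones to fix.
    param([object[]] $Users)
    foreach ($u in $Users) {
        $hits = @()
        foreach ($p in 'SamAccountName', 'Mail') {
            $v = [string]$u.$p
            if ($v -and $suspect.IsMatch($v)) { $hits += "$p='$v'" }
        }
        if ($hits.Count -gt 0) {
            New-Object PSObject -Property @{ Name = $u.SamAccountName; Problem = ($hits -join '; ') }
        }
    }
}

function Get-AdUsersForScan {
    # Live query against the current domain via System.DirectoryServices,
    # which is available on Server 2003/2008 without the AD PowerShell module.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
    $searcher.PageSize = 1000
    $null = $searcher.PropertiesToLoad.Add('sAMAccountName')
    $null = $searcher.PropertiesToLoad.Add('mail')
    foreach ($r in $searcher.FindAll()) {
        New-Object PSObject -Property @{
            SamAccountName = [string](@($r.Properties['samaccountname'])[0])
            Mail           = [string](@($r.Properties['mail'])[0])   # $null when unset
        }
    }
}

# Constructed sample accounts, so the scan can be tried without a domain
$sample = @(
    (New-Object PSObject -Property @{ SamAccountName = 'jdoe';       Mail = 'jdoe@contoso.example' }),
    (New-Object PSObject -Property @{ SamAccountName = 'r&d.shared'; Mail = 'rd@contoso.example' }),
    (New-Object PSObject -Property @{ SamAccountName = 'sales(eu)';  Mail = 'sales.eu@contoso.example' })
)
Find-SuspectAlias -Users $sample | Format-Table Name, Problem -AutoSize

# Against the real directory, run from a domain-joined machine:
#   Find-SuspectAlias -Users (Get-AdUsersForScan) | Format-Table Name, Problem -AutoSize
```

On the sample data the scan reports r&d.shared and sales(eu) and leaves jdoe alone; since the tool syncs the whole forest every 3 hours, running this before the first "Synchronize directories now" saves a round of error mails.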